Ok Lutz - Thanks.
This means the problem if any is in the design of the opens SSL interface to apache.
I thinks Ben Laurie did this and I will endeavor to take it up with the apache-openSSL
group if I can find it.
On Sun, Feb 04, 2001 at 09:02:27AM +0100, Lutz Jaenicke wrote:
> On Sat, Feb 03, 2001 at 08:29:11PM -0700, [EMAIL PROTECTED] wrote:
> > Through a newbie misconfiguration I ended up trying to feed http protocol into the
>https code. I noted after I traced the code that it is spcifically written to trap
>the http commands. My question is that since this level of effort has been
>undertaken... why not just bounce out of the https routines and let apache handle it
>as http?
>
> It is not job of the SSL handshake code to guess what protocol was actually
> meant. There are more SSL enabled protocols, like imap, pop, ...
> It is either job of the application to pre-check the bytes coming in
> (possible, but takes a lot of additional effort) or job of the admin
> to properly set it up. The author of the application could of course guess
> this kind of mistake, so when the "wrong SSL version" message is sent, the
> software could give a hint "wrong protocol version, maybe http on https port".
> This is not my idea, it is the way mod_ssl handles this case.
>
> Best regards,
> Lutz
> --
> Lutz Jaenicke [EMAIL PROTECTED]
> BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
> Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
> Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> Development Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
